geronimo-dev mailing list archives

From Aaron Mulder <ammul...@alumni.princeton.edu>
Subject Re: LoginDomains and automapping
Date Tue, 23 Nov 2004 14:38:12 GMT
On Mon, 22 Nov 2004, Jeff Genender wrote:
> This is good...this should get the raw Tomcat JAASRealm to work for 
> authorization.  I just coded up a special JAASTomcatRealm that called 
> the ContextManager.getServerSideSubject and now I can ditch it since it 
> looks like the JaasLoginCoordinator is populating the subject.

	I'm not sure you're right -- the JAASTomcatRealm should be using 
RealmPrincipals, which are not currently returned.  I need to talk this 
over with Alan:

Alan D. Cabrera wrote:
> I think that we should return the realm principals as well for all the
> same reasons that we have realm principals in the first place.

	Last time we talked you wanted to return everything except the 
RealmPrincipals...  why the change of heart?

	What if we change the JaasLoginCoordinator to load the
RealmPrincipals if it is used within the same JVM as the server, but not
if it connects over the network?  That may be the best balance of "give
other server components what they need" and "don't expose Geronimo
security internals to clients".

Aaron
